 // Handle Additions, removals, approvals and denials
 if (!empty($_POST['add']) || !empty($_POST['remove']) || isset($_POST['approve']) || isset($_POST['deny']) || isset($_POST['mass_colorize'])) {
     if (!$user->data['session_logged_in']) {
         redirect(append_sid(CMS_PAGE_LOGIN . '?redirect=groupcp.' . PHP_EXT . '&' . POST_GROUPS_URL . '=' . $group_id, true));
     } elseif ($sid !== $user->data['session_id']) {
         message_die(GENERAL_ERROR, $lang['Session_invalid']);
     }
     if (!$is_moderator) {
         $redirect_url = append_sid(CMS_PAGE_FORUM);
         meta_refresh(3, $redirect_url);
         $message = $lang['Not_group_moderator'] . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid(CMS_PAGE_FORUM) . '">', '</a>');
         message_die(GENERAL_MESSAGE, $message);
     }
     if (isset($_POST['add'])) {
         $username = isset($_POST['username']) ? phpbb_clean_username($_POST['username']) : '';
         $sql = get_users_sql($username, false, true, true, false);
         $result = $db->sql_query($sql);
         if (!($row = $db->sql_fetchrow($result))) {
             $redirect_url = append_sid(CMS_PAGE_GROUP_CP . '?' . POST_GROUPS_URL . '=' . $group_id);
             meta_refresh(3, $redirect_url);
             $message = $lang['Could_not_add_user'] . '<br /><br />' . sprintf($lang['Click_return_group'], '<a href="' . append_sid(CMS_PAGE_GROUP_CP . '?' . POST_GROUPS_URL . '=' . $group_id) . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid(CMS_PAGE_FORUM) . '">', '</a>');
             message_die(GENERAL_MESSAGE, $message);
         }
         $row['user_level'] = $row['user_level'] == JUNIOR_ADMIN ? ADMIN : $row['user_level'];
         if ($row['user_id'] == ANONYMOUS) {
             $redirect_url = append_sid(CMS_PAGE_GROUP_CP . '?' . POST_GROUPS_URL . '=' . $group_id);
             meta_refresh(3, $redirect_url);
             $message = $lang['Could_not_anon_user'] . '<br /><br />' . sprintf($lang['Click_return_group'], '<a href="' . append_sid(CMS_PAGE_GROUP_CP . '?' . POST_GROUPS_URL . '=' . $group_id) . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid(CMS_PAGE_FORUM) . '">', '</a>');
             message_die(GENERAL_MESSAGE, $message);
         }
         $sql = "SELECT ug.user_id, u.user_level, u.group_id, u.user_color, u.user_rank\n\t\t\t\t\tFROM " . USER_GROUP_TABLE . " ug, " . USERS_TABLE . " u\n\t\t\t\t\tWHERE u.user_id = " . $row['user_id'] . "\n\t\t\t\t\t\tAND ug.user_id = u.user_id\n\t\t\t\t\t\tAND ug.group_id = {$group_id}";
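 function main($action)
 {
     global $template, $lang, $config, $pafiledb_config, $db, $images, $user;
     // NOTE(review): these two arrays were read below (clean_words()) without ever being
     // declared global, so they were always null inside this method. stopwords_synonyms_init()
     // presumably populates them as globals - confirm against that function.
     global $stopwords_array, $synonyms_array;

     // Download-database search handler: reads the search form (or a stored result set
     // identified by search_id), runs the keyword / author search, stores the matching
     // file ids per session and renders either the result list or the search form.
     // $action is not used by this handler. Every SQL fragment built from the request is
     // either whitelisted (sort), cast to int (start, cat_id, search_id) or driver-escaped.

     if (!$this->auth_global['auth_search']) {
         if (!$user->data['session_logged_in']) {
             redirect(append_sid(CMS_PAGE_LOGIN . '?redirect=dload.' . PHP_EXT . '&action=stats', true));
         }
         $message = sprintf($lang['Sorry_auth_search'], $this->auth_global['auth_search_type']);
         message_die(GENERAL_MESSAGE, $message);
     }
     include IP_ROOT_PATH . 'includes/functions_search.' . PHP_EXT;

     // --- request parameters -------------------------------------------------------------
     $search_keywords = htmlspecialchars_decode(request_var('search_keywords', '', true), ENT_COMPAT);
     $search_author = htmlspecialchars_decode(request_var('search_author', '', true), ENT_COMPAT);
     $search_id = request_var('search_id', 0);
     $search_terms = (request_var('search_terms', '') == 'all') ? 1 : 0;
     $cat_id = request_var('cat_id', 0);
     $comments_search = (request_var('comments_search', '') == 'YES') ? 1 : 0;
     $start = max(0, request_var('start', 0));
     // ORDER BY / LIMIT fragments: whitelisted or int-derived before they reach SQL
     $sort_method = check_var_value(
         request_var('sort_method', $pafiledb_config['sort_method']),
         array('file_name', 'file_time', 'file_dls', 'file_rating', 'file_update_time')
     );
     if ($sort_method == 'file_rating') {
         $sort_method = 'rating';
     }
     $sort_order = check_var_value(request_var('order', $pafiledb_config['sort_order']), array('DESC', 'ASC'));
     $per_page = $pafiledb_config['settings_file_page'];
     $limit_sql = ($start == 0) ? $per_page : $start . ',' . $per_page;
     // encoding match for workaround
     $multibyte_charset = 'utf-8, big5, shift_jis, euc-kr, gb2312';
     $current_time_str = sprintf($lang['Current_time'], create_date($config['default_dateformat'], time(), $config['board_timezone']));

     // Defaults so the stored set and the display branch never read undefined variables
     $search_results = '';
     $total_match_count = 0;
     $split_search = array();
     $xs_new = '';

     if (isset($_POST['submit']) || $search_author != '' || $search_keywords != '' || $search_id) {
         // Variables persisted per session so pagination can replay the result set
         $store_vars = array('search_results', 'total_match_count', 'split_search', 'sort_method', 'sort_order');

         if ($search_author != '' || $search_keywords != '') {
             if ($search_author != '' && $search_keywords == '') {
                 // Author-only search: resolve the author pattern to user ids first.
                 // The pattern is driver-escaped BEFORE it goes to get_users_sql() in LIKE mode,
                 // as the other LIKE-mode callers in this file do (search_attachments); the
                 // previous code passed the raw request value, which is an SQL injection risk.
                 // $search_author itself is left untouched; it is escaped once more below.
                 $author_pattern = str_replace('*', '%', trim($db->sql_escape($search_author)));
                 $sql = get_users_sql($author_pattern, true, false, true, false);
                 $result = $db->sql_query($sql);
                 $matching_userids = array();
                 while ($row = $db->sql_fetchrow($result)) {
                     $matching_userids[] = (int) $row['user_id'];
                 }
                 $db->sql_freeresult($result);
                 if (empty($matching_userids)) {
                     message_die(GENERAL_MESSAGE, $lang['No_search_match']);
                 }
                 $sql = "SELECT file_id, file_catid
                     FROM " . PA_FILES_TABLE . "
                     WHERE user_id IN (" . implode(', ', $matching_userids) . ")";
                 $result = $db->sql_query($sql);
                 $search_ids = array();
                 while ($row = $db->sql_fetchrow($result)) {
                     // Drop files in categories this user is not allowed to view
                     if ($this->auth[$row['file_catid']]['auth_view']) {
                         $search_ids[] = $row['file_id'];
                     }
                 }
                 $db->sql_freeresult($result);
                 $total_match_count = sizeof($search_ids);
             } elseif ($search_keywords != '') {
                 stopwords_synonyms_init();
                 if (!strstr($multibyte_charset, $lang['ENCODING'])) {
                     $split_search = split_words(clean_words('search', stripslashes($search_keywords), $stopwords_array, $synonyms_array), 'search');
                 } else {
                     // split() was removed in PHP 7; explode() is identical for a literal separator
                     $split_search = explode(' ', $search_keywords);
                 }

                 // $result_list maps file_id => 1 (keep) / 0 (excluded by NOT or a failed AND)
                 $word_count = 0;
                 $current_match_type = 'or';
                 $result_list = array();
                 foreach ($split_search as $word) {
                     switch ($word) {
                         case 'and':
                             $current_match_type = 'and';
                             break;
                         case 'or':
                             $current_match_type = 'or';
                             break;
                         case 'not':
                             $current_match_type = 'not';
                             break;
                         default:
                             if (!empty($search_terms)) {
                                 $current_match_type = 'and';
                             }
                             // Driver escaping instead of addslashes(): addslashes() is not charset
                             // aware, and the rest of this file escapes through $db->sql_escape().
                             $match_word = $db->sql_escape('%' . str_replace('*', '', $word) . '%');
                             $word_queries = array(
                                 "SELECT file_id
                                     FROM " . PA_FILES_TABLE . "
                                     WHERE (file_name LIKE '{$match_word}'
                                     OR file_creator LIKE '{$match_word}'
                                     OR file_desc LIKE '{$match_word}'
                                     OR file_longdesc LIKE '{$match_word}')",
                             );
                             if ($comments_search) {
                                 $word_queries[] = "SELECT file_id
                                     FROM " . PA_COMMENTS_TABLE . "
                                     WHERE (comments_title LIKE '{$match_word}'
                                     OR comments_text LIKE '{$match_word}')";
                             }
                             // The file query and (optionally) the comment query are merged into
                             // $result_list with the same rules; for AND each one prunes in turn.
                             foreach ($word_queries as $sql) {
                                 $result = $db->sql_query($sql);
                                 $hits = array();
                                 while ($temp_row = $db->sql_fetchrow($result)) {
                                     $hits[$temp_row['file_id']] = 1;
                                     if (!$word_count || $current_match_type == 'or') {
                                         $result_list[$temp_row['file_id']] = 1;
                                     } elseif ($current_match_type == 'not') {
                                         $result_list[$temp_row['file_id']] = 0;
                                     }
                                 }
                                 $db->sql_freeresult($result);
                                 if ($current_match_type == 'and' && $word_count) {
                                     foreach ($result_list as $file_id => $match_count) {
                                         if (empty($hits[$file_id])) {
                                             $result_list[$file_id] = 0;
                                         }
                                     }
                                 }
                             }
                             $word_count++;
                     }
                 }

                 $search_ids = array();
                 foreach ($result_list as $file_id => $matches) {
                     if ($matches) {
                         $search_ids[] = $file_id;
                     }
                 }
                 unset($result_list);
                 $total_match_count = sizeof($search_ids);
             }

             // Author name pattern for the join below: escaped once, wildcards swapped afterwards
             if ($search_author != '') {
                 $search_author = str_replace('*', '%', trim($db->sql_escape($search_author)));
             }
             if (!$total_match_count) {
                 message_die(GENERAL_MESSAGE, $lang['No_search_match']);
             }

             // Restrict to the requested category subtree and, for combined searches, the author
             $cat_sql = $cat_id ? 'AND file_catid IN (' . $this->gen_cat_ids($cat_id, '') . ')' : '';
             if ($search_author == '') {
                 $sql = "SELECT file_id, file_catid
                     FROM " . PA_FILES_TABLE . "
                     WHERE file_id IN (" . implode(', ', $search_ids) . ")
                     {$cat_sql}
                     GROUP BY file_id";
             } else {
                 $sql = "SELECT f.file_id, f.file_catid
                     FROM " . PA_FILES_TABLE . " f, " . USERS_TABLE . " u
                     WHERE f.file_id IN (" . implode(', ', $search_ids) . ")
                     AND u.user_id = f.user_id
                     AND u.username LIKE '{$search_author}'
                     {$cat_sql}
                     GROUP BY f.file_id";
             }
             $result = $db->sql_query($sql);
             $search_ids = array();
             while ($row = $db->sql_fetchrow($result)) {
                 if ($this->auth[$row['file_catid']]['auth_view']) {
                     $search_ids[] = $row['file_id'];
                 }
             }
             $db->sql_freeresult($result);
             $total_match_count = sizeof($search_ids);

             // Purge stored result sets whose session has expired. The previous code read an
             // undefined $current_time here, which made the cutoff negative and kept every row
             // of SESSIONS_TABLE "alive"; the expiry window has to be anchored on time().
             $expiry_time = time() - $config['session_length'];
             $sql = "SELECT session_id
                 FROM " . SESSIONS_TABLE . "
                 WHERE session_time > {$expiry_time}";
             $db->sql_return_on_error(true);
             $result = $db->sql_query($sql);
             $db->sql_return_on_error(false);
             if ($result) {
                 $live_sessions = array();
                 while ($row = $db->sql_fetchrow($result)) {
                     $live_sessions[] = "'" . $db->sql_escape($row['session_id']) . "'";
                 }
                 $db->sql_freeresult($result);
                 if (sizeof($live_sessions)) {
                     $sql = "DELETE FROM " . SEARCH_TABLE . "
                         WHERE session_id NOT IN (" . implode(', ', $live_sessions) . ")";
                     $db->sql_query($sql);
                 }
             }

             // Store the new result set for this session. compact() replaces the ambiguous
             // ${$store_vars}[$i] variable-variable (its meaning differs between PHP 5 and 7).
             $search_results = implode(', ', $search_ids);
             $result_array = serialize(compact($store_vars));
             // search_id only needs to be unique within one session (lookups are keyed on
             // session_id as well); mt_rand() is auto-seeded, the old mt_srand(microtime) reseed
             // only reduced its entropy.
             $search_id = mt_rand();
             $session_sql = $db->sql_escape($user->data['session_id']);
             $sql = "UPDATE " . SEARCH_TABLE . "
                 SET search_id = {$search_id}, search_array = '" . $db->sql_escape($result_array) . "'
                 WHERE session_id = '{$session_sql}'";
             $db->sql_return_on_error(true);
             $result = $db->sql_query($sql);
             $db->sql_return_on_error(false);
             if (!$result || !$db->sql_affectedrows()) {
                 $sql = "INSERT INTO " . SEARCH_TABLE . " (search_id, session_id, search_array)
                     VALUES({$search_id}, '{$session_sql}', '" . $db->sql_escape($result_array) . "')";
                 $db->sql_query($sql);
             }
         } else {
             // Pagination: replay a result set stored by the branch above
             $search_id = intval($search_id);
             if ($search_id) {
                 // Always scoped to the caller's own session, so a guessed search_id cannot
                 // read another user's results.
                 $sql = "SELECT search_array
                     FROM " . SEARCH_TABLE . "
                     WHERE search_id = {$search_id}
                     AND session_id = '" . $db->sql_escape($user->data['session_id']) . "'";
                 $result = $db->sql_query($sql);
                 if ($row = $db->sql_fetchrow($result)) {
                     // The payload was serialised by this code path, never supplied by the client;
                     // sort_method / sort_order inside it were whitelisted before being stored.
                     $search_data = unserialize($row['search_array']);
                     foreach ($store_vars as $name) {
                         $$name = isset($search_data[$name]) ? $search_data[$name] : null;
                     }
                 }
                 $db->sql_freeresult($result);
             }
         }

         if ($search_results != '') {
             // $search_results is a list of ints produced above (or restored from our own store)
             $sql = "SELECT f1.*, AVG(r.rate_point) AS rating, COUNT(r.votes_file) AS total_votes, u.user_id, u.username, u.user_active, u.user_color, c.cat_id, c.cat_name, COUNT(cm.comments_id) AS total_comments
                 FROM (" . PA_FILES_TABLE . " AS f1, " . PA_CATEGORY_TABLE . " AS c)
                     LEFT JOIN " . PA_VOTES_TABLE . " AS r ON f1.file_id = r.votes_file
                     LEFT JOIN " . USERS_TABLE . " AS u ON f1.user_id = u.user_id
                     LEFT JOIN " . PA_COMMENTS_TABLE . " AS cm ON f1.file_id = cm.file_id
                 WHERE f1.file_id IN ({$search_results})
                 AND c.cat_id = f1.file_catid
                 AND f1.file_approved = '1'
                 GROUP BY f1.file_id
                 ORDER BY {$sort_method} {$sort_order}
                 LIMIT {$limit_sql}";
             $result = $db->sql_query($sql);
             $searchset = array();
             while ($row = $db->sql_fetchrow($result)) {
                 $searchset[] = $row;
             }
             $db->sql_freeresult($result);

             $l_search_matches = sprintf($lang[($total_match_count == 1) ? 'Found_search_match' : 'Found_search_matches'], $total_match_count);
             $template->assign_vars(array('L_SEARCH_MATCHES' => $l_search_matches));

             // A file is "new" when it was added less than settings_newdays days ago
             $new_cutoff = time() - ($pafiledb_config['settings_newdays'] * 24 * 60 * 60);
             foreach ($searchset as $file) {
                 $cat_url = append_sid('dload.' . PHP_EXT . '?action=category&amp;cat_id=' . $file['cat_id']);
                 $file_url = append_sid('dload.' . PHP_EXT . '?action=file&amp;file_id=' . $file['file_id']);
                 $date = create_date_ip($config['default_dateformat'], $file['file_time'], $config['board_timezone']);
                 // Average rating rounded, then halved for display (presumably a 10-point scale
                 // shown as 5 points - see the template); unrated files show 0.0
                 $rating2 = ($file['rating'] != 0) ? sprintf("%.1f", round($file['rating'], 0) / 2) : '0.0';
                 $is_new = ($file['file_time'] > $new_cutoff);
                 $xs_new = $is_new ? '-new' : '';
                 if ($file['file_pin'] == FILE_PINNED) {
                     $posticon = '<img src="' . $images['forum_link'] . '" alt="" />';
                 } elseif ($file['file_posticon'] == 'none' || $file['file_posticon'] == 'none.gif') {
                     $posticon = '<img src="' . IP_ROOT_PATH . FILES_ICONS_DIR . 'default.png" alt="" />';
                 } else {
                     // NOTE(review): file_posticon is emitted into an HTML attribute unescaped -
                     // confirm it is validated against the icon directory on file submit/edit.
                     $posticon = '<img src="' . FILES_ICONS_DIR . $file['file_posticon'] . '" alt="" />';
                 }
                 $poster = ($file['user_id'] == ANONYMOUS)
                     ? $lang['Guest']
                     : colorize_username($file['user_id'], $file['username'], $file['user_color'], $file['user_active']);
                 $template->assign_block_vars('searchresults', array(
                     'CAT_NAME' => $file['cat_name'],
                     'FILE_NEW_IMAGE' => $images['pa_file_new'],
                     'PIN_IMAGE' => $posticon,
                     'L_HOME' => $lang['Home'],
                     'CURRENT_TIME' => $current_time_str,
                     'XS_NEW' => $xs_new,
                     'IS_NEW_FILE' => $is_new,
                     'FILE_NAME' => $file['file_name'],
                     'FILE_DESC' => $file['file_desc'],
                     'FILE_SUBMITER' => $poster,
                     'DATE' => $date,
                     'RATING' => $rating2,
                     'DOWNLOADS' => $file['file_dls'],
                     'U_FILE' => $file_url,
                     'U_CAT' => $cat_url,
                 ));
             }

             $base_url = append_sid('dload.' . PHP_EXT . '?action=search&amp;search_id=' . $search_id);
             $template->assign_vars(array(
                 'PAGINATION' => generate_pagination($base_url, $total_match_count, $per_page, $start),
                 'PAGE_NUMBER' => sprintf($lang['Page_of'], floor($start / $per_page) + 1, ceil($total_match_count / $per_page)),
                 'DOWNLOAD' => $pafiledb_config['settings_dbname'],
                 'L_HOME' => $lang['Home'],
                 'U_INDEX_HOME' => append_sid(CMS_PAGE_HOME),
                 'U_DOWNLOAD' => append_sid('dload.' . PHP_EXT),
                 'CURRENT_TIME' => $current_time_str,
                 'XS_NEW' => $xs_new,
                 'L_INDEX' => sprintf($lang['Forum_Index'], $config['sitename']),
                 'L_RATE' => $lang['DlRating'],
                 'L_DOWNLOADS' => $lang['Dls'],
                 'L_DATE' => $lang['Date'],
                 'L_NAME' => $lang['Name'],
                 'L_FILE' => $lang['File'],
                 'L_SUBMITER' => $lang['Submiter'],
                 'L_CATEGORY' => $lang['Category'],
                 'L_NEW_FILE' => $lang['New_file'],
             ));
             $this->display($lang['Download'], 'pa_search_result.tpl');
         } else {
             message_die(GENERAL_MESSAGE, $lang['No_search_match']);
         }
     }

     // Search form (shown when nothing was searched for)
     if (!isset($_POST['submit']) || ($search_author == '' && $search_keywords == '' && !$search_id)) {
         $dropmenu = $this->jumpmenu_option();
         $template->assign_vars(array(
             'S_SEARCH_ACTION' => append_sid('dload.php'),
             'S_CAT_MENU' => $dropmenu,
             'DOWNLOAD' => $pafiledb_config['settings_dbname'],
             'U_INDEX_HOME' => append_sid(CMS_PAGE_HOME),
             'U_DOWNLOAD' => append_sid('dload.' . PHP_EXT),
             'L_HOME' => $lang['Home'],
             'CURRENT_TIME' => $current_time_str,
             'XS_NEW' => $xs_new,
             'L_YES' => $lang['Yes'],
             'L_NO' => $lang['No'],
             'L_SEARCH_OPTIONS' => $lang['Search_options'],
             'L_SEARCH_KEYWORDS' => $lang['Search_keywords'],
             'L_SEARCH_KEYWORDS_EXPLAIN' => $lang['Search_keywords_explain'],
             'L_SEARCH_AUTHOR' => $lang['Search_author'],
             'L_SEARCH_AUTHOR_EXPLAIN' => $lang['Search_author_explain'],
             'L_SEARCH_ANY_TERMS' => $lang['Search_for_any'],
             'L_SEARCH_ALL_TERMS' => $lang['Search_for_all'],
             'L_INCLUDE_COMMENTS' => $lang['Include_comments'],
             'L_SORT_BY' => $lang['Select_sort_method'],
             'L_SORT_DIR' => $lang['Order'],
             'L_SORT_ASCENDING' => $lang['Sort_Ascending'],
             'L_SORT_DESCENDING' => $lang['Sort_Descending'],
             'L_INDEX' => sprintf($lang['Forum_Index'], $config['sitename']),
             'L_RATING' => $lang['DlRating'],
             'L_DOWNLOADS' => $lang['Dls'],
             'L_DATE' => $lang['Date'],
             'L_NAME' => $lang['Name'],
             'L_UPDATE_TIME' => $lang['Update_time'],
             'L_SEARCH' => $lang['Search'],
             'L_SEARCH_FOR' => $lang['Search_for'],
             'L_ALL' => $lang['All'],
             'L_CHOOSE_CAT' => $lang['Choose_cat'],
         ));
         $this->display($lang['Download'], 'pa_search_body.tpl');
     }
 }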
				$show_results = 'posts';
				$sort_by = 0;
				$sort_dir = 'DESC';
			}
			else
			{
				//$search_author = str_replace('*', '%', trim($db->sql_escape($search_author)));
				$search_author = str_replace('*', '%', trim($db->sql_escape(utf8_clean_string($search_author))));
				if(!$only_bluecards && (strpos($search_author, '%') !== false) && (strlen(str_replace('%', '', $search_author)) < $config['search_min_chars']))
				{
					$search_author = '';
					message_die(GENERAL_MESSAGE, sprintf($lang['SEARCH_MIN_CHARS'], $config['search_min_chars']));
				}

				$sql = get_users_sql($search_author, true, false, false, false);
				$result = $db->sql_query($sql);

				$matching_userids = '';
				if ($row = $db->sql_fetchrow($result))
				{
					do
					{
						$matching_userids .= (($matching_userids != '') ? ', ' : '') . $row['user_id'];
					}
					while($row = $db->sql_fetchrow($result));
				}
				else
				{
					message_die(GENERAL_MESSAGE, $lang['No_search_match']);
				}
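 function post_change_poster($post_id, $poster_name)
 {
     global $db;

     // Reassign post $post_id to the user named $poster_name: updates the post, the topic
     // starter when it is the topic's first post, and both users' post counters where the
     // forum counts posts (then re-evaluates their automatic groups).
     // Returns false when the user or the post cannot be found, true once the post was moved.
     // SECURITY: no authorisation is performed here (a founder-only gate used to live here and
     // was disabled) - callers must verify the acting user is allowed to reassign posts.
     $post_id = (int) $post_id;
     if (!$post_id) {
         return false;
     }

     // NOTE(review): other callers in this file pass the name to get_users_sql() in this same
     // (non-LIKE) mode without escaping; confirm get_users_sql() escapes it internally.
     $sql = get_users_sql($poster_name, false, false, true, false);
     $result = $db->sql_query($sql);
     $user_row = $db->sql_fetchrow($result);
     $db->sql_freeresult($result);
     if (!$user_row) {
         return false;
     }
     $poster_id = (int) $user_row['user_id'];

     // Current poster and whether this forum counts posts; a missing post is an error, not a
     // silent no-op (the previous code went on to update 0 rows and returned true).
     $sql = "SELECT p.forum_id, p.poster_id, p.post_username, f.forum_postcount
         FROM " . POSTS_TABLE . " p, " . FORUMS_TABLE . " f
         WHERE p.post_id = {$post_id}
             AND f.forum_id = p.forum_id
         LIMIT 1";
     $result = $db->sql_query($sql);
     $post_row = $db->sql_fetchrow($result);
     $db->sql_freeresult($result);
     if (!$post_row) {
         return false;
     }
     $old_poster_id = (int) $post_row['poster_id'];
     $is_post_count = !empty($post_row['forum_postcount']);

     // First post of its topic? Then the topic starter moves as well.
     $sql = "SELECT topic_id
         FROM " . TOPICS_TABLE . "
         WHERE topic_first_post_id = {$post_id}
         LIMIT 1";
     $result = $db->sql_query($sql);
     $topic_row = $db->sql_fetchrow($result);
     $db->sql_freeresult($result);
     $is_first_post = (bool) $topic_row;
     $topic_id = $is_first_post ? (int) $topic_row['topic_id'] : 0;

     // post_username is the guest-name column; it is cleared because the post now has a real owner
     $sql = "UPDATE " . POSTS_TABLE . " SET poster_id = {$poster_id}, post_username = '' WHERE post_id = {$post_id}";
     $db->sql_query($sql);
     if ($is_first_post) {
         $sql = "UPDATE " . TOPICS_TABLE . " SET topic_poster = {$poster_id} WHERE topic_id = {$topic_id}";
         $db->sql_query($sql);
     }

     if ($is_post_count) {
         if ($poster_id != ANONYMOUS) {
             $sql = "UPDATE " . USERS_TABLE . " SET user_posts = (user_posts + 1) WHERE user_id = {$poster_id}";
             $db->sql_query($sql);
             $this->autogroup($poster_id);
         }
         if ($old_poster_id != ANONYMOUS) {
             $this->user_decrease_postscounter($old_poster_id, 1);
             $this->autogroup($old_poster_id);
         }
     }
     return true;
 }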
function validate_username($username)
{
    global $db, $user, $lang;

    // Validate a requested username against existing accounts, group names, the admin
    // disallow list, the word censor and the character whitelist.
    // Returns array('error' => bool, 'error_msg' => string); error_msg is '' when valid.
    // Checks run in this order and the first failing one is reported.

    // Collapse runs of whitespace, then apply the board's standard username cleaning
    $username = phpbb_clean_username(preg_replace('#\s+#', ' ', trim($username)));

    // 1. Name already used by another account (a logged-in user may keep their own name)
    $sql = get_users_sql($username, false, false, true, false);
    $db->sql_return_on_error(true);
    $result = $db->sql_query($sql);
    $db->sql_return_on_error(false);
    $taken = false;
    if ($result) {
        while ($row = $db->sql_fetchrow($result)) {
            $is_own_name = $user->data['session_logged_in'] && ($row['username'] == $user->data['username']);
            if (!$is_own_name) {
                $taken = true;
                break;
            }
        }
    }
    $db->sql_freeresult($result);
    if ($taken) {
        return array('error' => true, 'error_msg' => $lang['Username_taken']);
    }

    // 2. Name collides with a group name (case-insensitive, driver-escaped)
    $sql = "SELECT group_name
        FROM " . GROUPS_TABLE . "
        WHERE LOWER(group_name) = '" . $db->sql_escape(strtolower($username)) . "'";
    $db->sql_return_on_error(true);
    $result = $db->sql_query($sql);
    $db->sql_return_on_error(false);
    $group_clash = $result && $db->sql_fetchrow($result);
    $db->sql_freeresult($result);
    if ($group_clash) {
        return array('error' => true, 'error_msg' => $lang['Username_taken']);
    }

    // 3./4. Name matches an admin-disallowed pattern or a censored word. Entries are
    // regex-quoted, '*' acts as a wildcard, and the match is whole-word and case-insensitive.
    $blacklists = array(
        array('sql' => "SELECT disallow_username FROM " . DISALLOW_TABLE, 'col' => 'disallow_username'),
        array('sql' => "SELECT word FROM " . WORDS_TABLE, 'col' => 'word'),
    );
    foreach ($blacklists as $list) {
        $db->sql_return_on_error(true);
        $result = $db->sql_query($list['sql']);
        $db->sql_return_on_error(false);
        $blocked = false;
        if ($result) {
            while ($row = $db->sql_fetchrow($result)) {
                $pattern = '#\b(' . str_replace('\*', '.*?', preg_quote($row[$list['col']], '#')) . ')\b#i';
                if (preg_match($pattern, $username)) {
                    $blocked = true;
                    break;
                }
            }
        }
        $db->sql_freeresult($result);
        if ($blocked) {
            return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
        }
    }

    // 5. Character whitelist: ASCII letters, digits, '&', '-', '_' and space
    if (!preg_match('/^[a-z0-9&\-_ ]+$/i', $username)) {
        return array('error' => true, 'error_msg' => $lang['Forbidden_characters']);
    }

    // 6. Reject double quotes (raw or entity-encoded) and bytes 160 / 173
    //    (non-breaking space and soft hyphen in Latin-1)
    foreach (array('"', '&quot;', chr(160), chr(173)) as $needle) {
        if (strstr($username, $needle)) {
            return array('error' => true, 'error_msg' => $lang['Username_invalid']);
        }
    }

    return array('error' => false, 'error_msg' => '');
}
         } else {
             $_varary = $_POST['pending_members'];
         }
         $_data = '';
         for ($i = 0; $i < sizeof($_varary); $i++) {
             $_data .= ($_data != '' ? ', ' : '') . intval($_varary[$i]);
         }
         $content .= '[Group Edit: ' . $_tmp1 . ' ==> ' . $_data . ']';
         if ($db_log_actions == true) {
             $db_log = array('action' => 'GROUP_EDIT', 'desc' => $_tmp1, 'target' => $_data);
         }
         $update_log = true;
     } elseif (isset($_POST['add']) && isset($_POST['username'])) {
         $content .= '[Group Add: ' . $_tmp1 . ' ==> ' . $_POST['username'] . ']';
         if ($db_log_actions == true) {
             $sql = get_users_sql(phpbb_clean_username($_POST['username']), false, false, true, true);
             $result = $db->sql_query($sql);
             $user_row = $db->sql_fetchrow($result);
             $db->sql_freeresult($result);
             $db_log = array('action' => 'GROUP_ADD', 'desc' => $_tmp1, 'target' => $user_row['user_id']);
         }
         $update_log = true;
     } elseif (isset($_POST['groupstatus']) && isset($_POST['group_type'])) {
         $content .= '[Group Type: ' . $_tmp1 . ' ==> ' . intval($_POST['group_type']) . ']';
         if ($db_log_actions == true) {
             $db_log = array('action' => 'GROUP_TYPE', 'desc' => $_tmp1 . ';' . intval($_POST['group_type']), 'target' => '');
         }
         $update_log = true;
     }
 }
 break;
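/**
 * Search the attachment tables using the search_* fields of the current request.
 *
 * Every filter is optional; only the fields submitted non-empty end up in the
 * WHERE clause. When no attachment matches, the function does not return: it
 * exits through message_die() with $lang['No_attach_search_match'].
 *
 * @param string $order_by   ORDER BY / LIMIT fragment appended to the query verbatim.
 *                           It is not escaped here, so the caller must assemble it
 *                           from fixed, validated values and never from raw request data.
 * @param int    $total_rows By reference; set to the number of rows matching the
 *                           filters, counted without $order_by (i.e. before any LIMIT).
 * @return array Attachment rows (a.*, t.post_id, p.post_time, p.topic_id) as
 *               returned by $db->sql_fetchrowset().
 */
function search_attachments($order_by, &$total_rows)
{
    global $db, $lang;
    $where_sql = array();

    // Get submitted Vars. Each one is read into a plainly named local: the former
    // loop assigned through `${$search_vars}[$i]`, which names a variable called
    // "Array" (with an array-to-string notice) and never defined the variables
    // the filters below rely on.
    $search_keyword_fname = request_var('search_keyword_fname', '');
    $search_keyword_comment = request_var('search_keyword_comment', '');
    $search_author = request_var('search_author', '');
    $search_size_smaller = request_var('search_size_smaller', '');
    $search_size_greater = request_var('search_size_greater', '');
    $search_count_smaller = request_var('search_count_smaller', '');
    $search_count_greater = request_var('search_count_greater', '');
    $search_days_greater = request_var('search_days_greater', '');
    $search_forum = request_var('search_forum', '');
    // search_cat is also submitted by the form, but no category filter exists yet.

    // Author name search
    if ($search_author != '') {
        // Bring in line with 2.0.x expected username
        $search_author = addslashes(html_entity_decode($search_author));
        $search_author = stripslashes(phpbb_clean_username($search_author));
        // Prepare for directly going into sql query: escape first, then turn the
        // user's '*' wildcard into SQL's '%'.
        $search_author = str_replace('*', '%', $db->sql_escape(utf8_clean_string($search_author)));
        // We need the user ids of every matching author, because the attachments
        // table is keyed by user id, not by name.
        $sql = get_users_sql($search_author, true, false, false, false);
        $result = $db->sql_query($sql);
        $matching_userids = array();
        while ($row = $db->sql_fetchrow($result)) {
            $matching_userids[] = intval($row['user_id']);
        }
        $db->sql_freeresult($result);
        if (empty($matching_userids)) {
            // No author matched the name, so no attachment can match either.
            message_die(GENERAL_MESSAGE, $lang['No_attach_search_match']);
        }
        $where_sql[] = ' (t.user_id_1 IN (' . implode(', ', $matching_userids) . ')) ';
    }

    // Search Keyword ('*' is the user-facing wildcard; values are escaped before use)
    if ($search_keyword_fname != '') {
        $match_word = str_replace('*', '%', $search_keyword_fname);
        $where_sql[] = " (a.real_filename LIKE '" . $db->sql_escape($match_word) . "') ";
    }
    if ($search_keyword_comment != '') {
        $match_word = str_replace('*', '%', $search_keyword_comment);
        $where_sql[] = " (a.comment LIKE '" . $db->sql_escape($match_word) . "') ";
    }

    // Search Download Count (the "smaller" bound wins when both are submitted)
    if ($search_count_smaller != '') {
        $where_sql[] = ' (a.download_count < ' . (int) $search_count_smaller . ') ';
    } elseif ($search_count_greater != '') {
        $where_sql[] = ' (a.download_count > ' . (int) $search_count_greater . ') ';
    }

    // Search Filesize (same precedence as the download count)
    if ($search_size_smaller != '') {
        $where_sql[] = ' (a.filesize < ' . (int) $search_size_smaller . ') ';
    } elseif ($search_size_greater != '') {
        $where_sql[] = ' (a.filesize > ' . (int) $search_size_greater . ') ';
    }

    // Search Attachment Time: older than N days
    if ($search_days_greater != '') {
        $where_sql[] = ' (a.filetime < ' . (time() - (int) $search_days_greater * 86400) . ') ';
    }

    // Search Forum
    if ($search_forum) {
        $where_sql[] = ' (p.forum_id = ' . intval($search_forum) . ') ';
    }

    // Search Cat... nope... sorry :(

    $sql = 'SELECT a.*, t.post_id, p.post_time, p.topic_id
		FROM ' . ATTACHMENTS_TABLE . ' t, ' . ATTACHMENTS_DESC_TABLE . ' a, ' . POSTS_TABLE . ' p WHERE ';
    if (sizeof($where_sql) > 0) {
        // Every fragment above is padded with spaces, so a bare 'AND' glue is enough.
        $sql .= implode('AND', $where_sql) . ' AND ';
    }
    $sql .= 't.post_id = p.post_id AND a.attach_id = t.attach_id ';

    // Count the full match set before the caller's ORDER BY / LIMIT is appended.
    $total_rows_sql = $sql;
    $sql .= $order_by;

    $result = $db->sql_query($sql);
    $attachments = $db->sql_fetchrowset($result);
    $num_attach = $db->sql_numrows($result);
    $db->sql_freeresult($result);
    if ($num_attach == 0) {
        message_die(GENERAL_MESSAGE, $lang['No_attach_search_match']);
    }

    $result = $db->sql_query($total_rows_sql);
    $total_rows = $db->sql_numrows($result);
    $db->sql_freeresult($result);

    return $attachments;
}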
Exemple #8
include_once(IP_ROOT_PATH . 'includes/users_zebra_block.' . PHP_EXT);

make_jumpbox(CMS_PAGE_VIEWFORUM);

// New message
$post_new_mesg_url = '<a href="' . append_sid(CMS_PAGE_PRIVMSG . '?mode=post') . '"><img src="' . $images['post_new'] . '" alt="' . $lang['Send_a_new_message'] . '" /></a>';

// Search messages
$search_sql = '';
$search_userid = 0;
$search_subject = '';
$search_text = '';
if($search_type === 'author')
{
	$sql = get_users_sql($search_value, true, false, true, false);
	$result = $db->sql_query($sql);
	if($result)
	{
		$row = $db->sql_fetchrow($result);
		$db->sql_freeresult($result);
		if($row !== false)
		{
			$search_userid = $row['user_id'];
			$search_sql = ' AND privmsgs_' . ((($folder === 'inbox') || ($folder === 'savebox')) ? 'from' : 'to') . '_userid = ' . $search_userid . ' ';
		}
	}
}
elseif($search_type === 'subject')
{
	$search_sql = ' AND privmsgs_subject LIKE \'%' . $db->sql_escape($search_value) . '%\' ';
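 /**
  * Resolve a user id to a name, or a name to a user id, with a per-request cache.
  *
  * @param int|string $id   User id for the 'user' and 'user_formatted' modes,
  *                         username for the 'reverse' mode.
  * @param string     $mode 'user'           => plain username
  *                         'user_formatted' => username as rendered by colorize_username()
  *                         'reverse'        => user id of the given username
  * @return string|int|false '?' when $id is empty, false when nothing matches or
  *                          $mode is unknown, otherwise the requested value.
  */
 function id_2_name($id, $mode = 'user')
 {
     global $db;
     // Per-request cache, filled in every direction by each successful lookup:
     //   ['user'][user_id]           => username
     //   ['user_formatted'][user_id] => colorized username
     //   ['reverse'][username]       => user_id
     static $nameCache = array();

     // Loose comparison on purpose: '', null and false all mean "nothing to look up".
     if ($id == '') {
         return '?';
     }
     if (isset($nameCache[$mode][$id])) {
         return $nameCache[$mode][$id];
     }

     switch ($mode) {
         case 'user_formatted':
         case 'user':
             // user_id is numeric; the cast keeps $id from being spliced into the
             // query as-is (one of the old branches quoted it, the other did not
             // escape it at all).
             $sql = 'SELECT user_id, username, username_clean, user_active, user_color FROM ' . USERS_TABLE . ' WHERE user_id = ' . (int) $id;
             break;
         case 'reverse':
             // get_users_sql() takes care of cleaning and escaping the name.
             $sql = get_users_sql($id, false, false, true, false);
             break;
         default:
             return false;
     }

     $result = $db->sql_query($sql);
     $row = $db->sql_fetchrow($result);
     $db->sql_freeresult($result);
     if (empty($row['user_id'])) {
         return false;
     }

     // Compile cache: one query feeds all three lookup directions.
     $formatted_username = colorize_username($row['user_id'], $row['username'], $row['user_color'], $row['user_active']);
     $nameCache['user'][$row['user_id']] = $row['username'];
     $nameCache['user_formatted'][$row['user_id']] = $formatted_username;
     $nameCache['reverse'][$row['username']] = $row['user_id'];

     switch ($mode) {
         case 'user_formatted':
             return $formatted_username;
         case 'user':
             return $row['username'];
         case 'reverse':
             return $row['user_id'];
     }
     return false;
 }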